Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

The type initializer for 'FluentSecurity.SecurityConfigurator' threw an exception. #70

Closed
robertmircea opened this Issue · 11 comments

2 participants

@robertmircea

Yet another problem with the "assembly scanner". From what it seems, it tries to load oci.dll which is a native dll (not an assembly)

The type initializer for 'FluentSecurity.SecurityConfigurator' threw an exception.
at FluentSecurity.SecurityConfigurator.Configure(Action`1 configurationExpression)
at Xyz.MvcApplication.Application_Start() in Global.asax.cs:line 117

Could not load file or assembly 'file:///C:\inetpub\wwwroot\xyz\bin\oci.dll' or one of its dependencies. The module was expected to contain an assembly manifest.
at System.Reflection.RuntimeAssembly._nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, RuntimeAssembly locationHint, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks)

Any suggestions on how to solve this?

@kristofferahl

I'm looking at a way to disable scanning for eventlisteners at startup so that it can be disabled before running tests. Also I think it should be possible to configure the assembly scanner that is used when scanning for event listeners. Does this sound like it would solve your issues?

@robertmircea

Maybe a more generic approach would be to test if the dll loaded is a real .NET assembly. Another useful approach would be maybe to filter by name the dll/exes loaded by assembly scanner (AssembliesFromPath method)

Do you have any recommendation on how can I workaround this issue until you have published a new nuget package containing a more elegant fix?

@kristofferahl

I'm afraid I don't see a clear way of fixing this temporarily unless you want to build from source. I will try and send you a nuget package tonight so you can try out the fix I have worked on. If it works, we can have a nightly build available on myget.org the day after. And once we see it working for you I can release it to nuget.org. Would that work for you?

@robertmircea

Yes, this approach should work. Waiting for your nuget package.

@kristofferahl

I think I have some nugets ready for you. I haven't really tested it in an application but the changes I've made are pretty small and we have lots of unit tests covering FluentSecurity. How do you want me to send the nugets? Are you on twitter? If so, I'm @kristofferahl there.

@robertmircea

Something seems wrong. I have the following code now:

public static void ConfigureSecurityFluently(IWindsorContainer container)
         {
             if (container == null) throw new ArgumentNullException("container");

             SecurityDoctor.Current.ScanForEventListenersOnConfigure = false;
             SecurityDoctor.Current.EventListenerScannerSetup = scan =>
                                                                {
                                                                    scan.ExcludeAssembly(file => Path.GetFileName(file).EqualsIgnoreCase("oci.dll"));
                                                                    scan.AssembliesFromApplicationBaseDirectory();
                                                                };


             SecurityConfigurator.Configure(configuration =>
             {
                 configuration.ResolveServicesUsing(type => container.ResolveAll(type).Cast<object>());
                 // Let Fluent Security know how to get the authentication status of the current user
                 configuration.GetAuthenticationStatusFrom(() => HttpContext.Current.User.Identity.IsAuthenticated);

                 // Let Fluent Security know how to get the roles for the current user
                 configuration.GetRolesFrom(GetCurrentUserRoles);

                 //deny anonymous access to just about everything
                 configuration.ForAllControllers().DenyAnonymousAccess();
[...]

but I receive the same error message at startup when calling ConfigureSecurityFluently()


Could not load file or assembly 'file:///C:\inetpub\wwwroot\dp\bin\oci.dll' or one of its dependencies. The module was expected to contain an assembly manifest.
   at System.Reflection.RuntimeAssembly._nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, RuntimeAssembly locationHint, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks)
   at System.Reflection.RuntimeAssembly.InternalLoadAssemblyName(AssemblyName assemblyRef, Evidence assemblySecurity, RuntimeAssembly reqAssembly, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks)
   at System.Reflection.RuntimeAssembly.InternalLoadAssemblyName(AssemblyName assemblyRef, Evidence assemblySecurity, RuntimeAssembly reqAssembly, StackCrawlMark& stackMark, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks)
   at System.Reflection.RuntimeAssembly.InternalLoadFrom(String assemblyFile, Evidence securityEvidence, Byte[] hashValue, AssemblyHashAlgorithm hashAlgorithm, Boolean forIntrospection, Boolean suppressSecurityChecks, StackCrawlMark& stackMark)
   at System.Reflection.Assembly.LoadFrom(String assemblyFile)
   at FluentSecurity.Scanning.AssemblyScanner.AssembliesFromPath(String path, Predicate`1 assemblyFilter)
   at FluentSecurity.Diagnostics.SecurityDoctor.ScanForEventListeners()
   at FluentSecurity.SecurityConfigurator.Configure(Action`1 configurationExpression)
   at DP.Web.MvcApplication.Application_Start() in Global.asax.cs:line 120
@kristofferahl

@robertmircea Sorry about that, I messed up while coding during my lunch break... I found the issue that caused scanning to occur even if you set ScanForEventListenersOnConfigure to false.

I will send you a new package that you can try. This time I've actually tried it myself and managed to get it working... ;)

Here's the options available to fix it again. You only need to pick one of the options:

1) Disable scanning for eventlisteners during config
If you haven't registered any event listeners for diagnostics purposes and you are not using the Glimpse package for FluentSecurity you can safely disable event listener scanning.
This is done by including the following line before your call to SecurityConfigurator.Configure(....):

SecurityDoctor.Current.ScanForEventListenersOnConfigure = false;

2) Override the options for the event listener scanner
Before your call to SecurityConfigurator.Configure(....), you can build up the assembly scanner used for scanning for event listeners. This could look something like this:

SecurityDoctor.Current.EventListenerScannerSetup = scan =>
{
    scan.ExcludeAssembly(file => Path.GetFileName(file).Equals("somedlltoignore.dll"));
    scan.AssembliesFromApplicationBaseDirectory();
};

There are more options available to you on the scan object but I'm sure you'll figure those out. If not, let me know.

If you're only having these problems when running your tests, you can leave your application as is and use one of the options above in your tests just before calling SecurityConfigurator.Configure(....).

@robertmircea

The release works now properly and I didn't see any issues after updating to the last package version sent. I've tested each option separately and I think you can go ahead now and publish it as a public package since they both work.

It would be useful if you could write some xml-doc explaining what ScanForEventListenersOnConfigure or EventListenerScannerSetup do. It seems hard to understand without further insight what they do.

@kristofferahl

@robertmircea I just pushed the changes to the develop branch. So tomorrow there will be a new nightly build available on myget.org (https://www.myget.org/F/fluentsecurity/api/v2/package/FluentSecurity/2.0.0-build316).

In regards to xml-doc, I'm not a big fan I'm afraid. I have updated the documentation and our wiki though and hopefully this will be good enough. https://github.com/kristofferahl/FluentSecurity/wiki/Diagnostics-2.0#disableconfigure-scanning-of-isecurityeventlisteners

If you have any last minute suggestions on better naming, please give me a shout.

I will need to do some additional testing before releasing it on nuget.org but I think we should be able to enjoy version 2.1.0 after the weekend has gone.

@kristofferahl

Sorry @robertmircea, haven't had time to push a new nuget package to nuget.org. Christmas times you know... Will do my best to get it out this week.

@kristofferahl

@robertmircea I just pushed FluentSecurity 2.1.0 to nuget.org so I'm closing this issue. If you experience any issues with it, please reopen this issue or add a new one. Thanks again for all your help in getting this issue resolved.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.